Tech 3 August 2018Dennis Wafula
Bug bounty hunter exposes Monero bug enabling theft from exchanges
According to reports, the hackers managed to make use of old-fashioned social engineering to forge transaction data and use it to manipulate the support staff into crediting their accounts manually with extra XMR. The bug planted by the hackers multiplied the transactions, making it easier for the staff to approve dodgy transactions and credit these accounts. Reports showed that the attackers could exploit this repeatedly until they completely siphon all the money on an exchange.
Jason Rhineland, a Canadian Ph.D. candidate in Economics at Queens University, submitted a post on HackerOne revealing the system vulnerability. At the time of his post, the “business logic errors” are still active in Monero’s system. The bug was ranked 9 out of a possible 10, making it a “critical” in terms of severity.
Reports also show that the bug affected other Monero-based coins. According to reports, the attackers managed to steal ARQ coins from Altex, a wallet exchange desk. Altex has already alerted its users and all other virtual currencies in the ecosystem about the issue. It also suspended operations until proper measures have been put in place. It is yet unclear how much money the operator lost during the hack. The small operator said that they have suffered a big loss.
Reports on the HackerOne bug bounty program showed that five more operators have been affected by the recent attack on Monero’s system in the last 24 hours. The flaw has since been fixed in Monero’s system, but it is still unclear whether other affected systems have tackled the issue.
Bug bounty programs have helped stop many hacking threats by pointing out system shortcoming beforehand. Virtual exchanges and other cryptocurrency business are benefiting from these programs. Just a few weeks ago, bug bounties collected $24,000 in one week from four different blockchain projects.
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
Tech 15 February 2019
How Metanet creates an immutable Internet
Metanet and Bitcoin were roughly conceived “in the depths of the late 90s” from the concept of an economically incentivized Internet, according to nChain Chief Scientist Dr. Craig Wright.
Tech 15 February 2019
HSBC slashes forex costs with blockchain
The firm confirmed it had reduced costs for its forex business by as much as 25%, in what analysts describe as an example of the importance of distributed ledger technology to banks and their bottom lines.
Tech 14 February 2019
UC Berkeley launches blockchain accelerator for startups
The University of California, Berkeley recently announced the launch of a new blockchain-focused accelerator, the Berkeley Blockchain Xcelerator for blockchain startups.